Howdy all! Is it just me or has the number of Sub-Seven probes grown astronomically in the last 7 days? I am seeing on average 25-30 clients per day, each scanning 3 or 4 times each up from only 1 or 2 per day at most for the last several months. Time, Event, Intruder, Count 12/30/2002 4:36:04 AM, SubSeven port probe, 211.54.97.249, 4 12/30/2002 4:35:28 AM, SubSeven port probe, 61.76.228.152, 4 12/30/2002 4:35:28 AM, SubSeven port probe, 61.76.228.152, 4 12/30/2002 4:12:11 AM, SubSeven port probe, 211.218.199.99, 4 12/30/2002 4:12:11 AM, SubSeven port probe, 211.218.199.99, 4 12/30/2002 3:51:45 AM, SubSeven port probe, 211.220.174.241, 4 12/30/2002 3:07:42 AM, SubSeven port probe, pcp465155pcs.shrpsr01.tn.comcast.net, 4 12/30/2002 2:55:53 AM, SubSeven port probe, 211.180.104.212, 4 12/30/2002 2:55:52 AM, SubSeven port probe, 211.180.104.212, 4 12/30/2002 2:48:50 AM, SubSeven port probe, CPE0080c6fe0c2c.cpe.net.cable.rogers.com, 4 12/30/2002 2:12:42 AM, SubSeven port probe, 61.84.87.119, 4 12/30/2002 2:01:28 AM, SubSeven port probe, 211.220.171.85, 3 12/30/2002 2:01:28 AM, SubSeven port probe, 211.220.171.85, 3 12/30/2002 1:30:10 AM, SubSeven port probe, 218.150.0.71, 3 12/30/2002 1:30:10 AM, SubSeven port probe, 218.150.0.71, 3 12/30/2002 1:10:01 AM, SubSeven port probe, 61.84.137.155, 4 12/30/2002 1:10:01 AM, SubSeven port probe, 61.84.137.155, 4 12/30/2002 12:56:18 AM, SubSeven port probe, 211.195.57.52, 4 12/30/2002 12:56:18 AM, SubSeven port probe, 211.195.57.52, 4 12/30/2002 12:45:13 AM, SubSeven port probe, 218.147.103.205, 4 12/30/2002 12:45:13 AM, SubSeven port probe, 218.147.103.205, 4 12/30/2002 12:13:30 AM, SubSeven port probe, 61.82.221.165, 3 12/30/2002 12:13:30 AM, SubSeven port probe, 61.82.221.165, 3 12/29/2002 11:52:24 PM, SubSeven port probe, 61.77.146.31, 4 12/29/2002 11:51:42 PM, SubSeven port probe, 218.148.57.89, 3 12/29/2002 11:51:41 PM, SubSeven port probe, 218.148.57.89, 3 12/29/2002 11:29:42 PM, SubSeven port probe, 211.230.118.236, 4 12/29/2002 10:48:21 PM, SubSeven port probe, 1Cust124.tnt1.reading.pa.da.uu.net, 4 12/29/2002 10:48:21 PM, SubSeven port probe, 1Cust124.tnt1.reading.pa.da.uu.net, 4 12/29/2002 10:42:14 PM, SubSeven port probe, 61.73.229.103, 4 12/29/2002 10:07:20 PM, SubSeven port probe, s211-33-10-129.thrunet.ne.kr, 1 12/29/2002 10:07:19 PM, SubSeven port probe, s211-33-10-129.thrunet.ne.kr, 1 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 18:52:31 PST